Skip to content

camsellem/grafana-privacy-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
dashboard
dashboard
 
 
docker
docker
 
 
helm
helm
 
 
.DS_Store
.DS_Store
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
demo.sh
demo.sh
 
 

Repository files navigation

The Grafana Privacy demo

This repository contains the demo artifacts used for the Grafana webinar "Managing privacy in log data with Grafana Loki".

The purpose of the demo is to show:

  • How to use Grafana Agent pipelines to obfuscate PII data in logs
  • How to detect PII data and use Grafana Logs LBAC to protect access to sensitive information
  • How to use Grafana Agent metrics to design PII audit dashboards in Grafana (TBD)
Title Manages privacy in your log data with Grafana Logs
Duration 20 minutes
Audience Technical and non-technical
Personas CISO
Devops
Products Grafana Cloud Logs
Grafana Enterprise Logs
Features Grafana Agent - Pipeline stages
Grafana Agent - Pipeline metrics
LBAC

Pre-requisites

  • A Grafana Cloud stack (including logs and metrics instances)
  • Access to a Kubernetes cluster - the demo was tested on Google Kubernetes Engine (GKE)
  • The Kubernetes command-line tool (kubectl) installed on your laptop
  • Helm installed on your laptop (tested with Helm v3)

Running the demo

The following steps describe how to build and deploy the demo in your envrionment.

Configure the script

You need to edit the script demo.sh and configure the following variables.

DOCKER_IMG_REPO_URL - URL of the images repository
K8S_NAMESPACE       - Namespace used to install the demo
GC_METRICS_ENDPOINT - Your Grafana Cloud Metrics endpoint
GC_METRICS_USERNAME - Your Grafana Cloud Metrics username
GC_LOGS_ENDPOINT    - Your Grafana Cloud Logs endpoint
GC_LOGS_USERNAME    - Your Grafana Cloud Logs username
GC_API_KEY          - Your Grafana Cloud API Key

Build and upload the images

Run the following command in order to build the images and upload them to your images repository

./demo.sh build

Deploy the demo

Run the following command in order to deploy the demo in your Kubernetes cluster

./demo.sh deploy

Once the deployment is over the script should displayed the address of the web portal and the Grafana Agent Push API

The agent also exposes pipeline metrics than can be used to track how many sensitive values have been detected/deleted/redacted. These metrics can be displayed via the "Audit and privicaty dashboard". The template is available in the ./dashboard folder and must be imported in your Grafana Cloud instance.

Delete the demo

If you wish to delete all deployed artifacts (frontend, agent, etc) please run the command below:

./demo.sh clean

Once the deployment is over the script should displayed the address of the web portal and the Grafana Agent Push API

Limitations

Because the web portal and the Grafana Agent Push API endpoint are exposed on different ports, you need to disable CORS protection in your browser.

One way to do it is by starting chrome with the specific flag as shown below:

open -n -a /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --user-data-dir="/tmp/chrome_dev_test" --disable-web-security

TO-DO

  • Deploy an ingress controller for avoiding CORS issues

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages